﻿@{
    // Set the layout page and page title
    LayoutPage = "~/_SiteLayout.cshtml";
    PageData["Title"] = "Password Reset";

    var newPasswordError = "";
    var confirmPasswordError = "";
    var passwordResetTokenError = "";
    var passwordResetToken = Request.Form["resetToken"] ?? Request.QueryString["resetToken"];
    var disabledAttribute = "";

    bool isValid = true;
    bool tokenExpired = false;
    bool isSuccess = false;

    if (IsPost) {
        var newPassword = Request["newPassword"];
        var confirmPassword = Request["confirmPassword"];

        if (newPassword.IsEmpty()) {
            newPasswordError = "Please enter a new password.";
            isValid = false;
        }

        if (confirmPassword != newPassword) {
            confirmPasswordError = "The password confirmation did not match the new password.";
            isValid = false;
        }

        if (passwordResetToken.IsEmpty()) {
            passwordResetTokenError = "Please enter your password reset token. It should have been sent to you in an email.";
            isValid = false;
        }

        if (isValid) {
            if (WebSecurity.ResetPassword(passwordResetToken, newPassword)) {   
                disabledAttribute = @"disabled=""disabled""";
                isSuccess = true;
            }
            else {
                passwordResetTokenError = "The password reset token is invalid.";
                tokenExpired = true;
                isValid = false;
            }
        }
        else {
            isValid = false;
        }
    }
}

@if (!isValid) {
    <div class="message error icon">
        @if (tokenExpired) {
        <span>The password reset token is incorrect or may be expired. Visit the <a href="ForgotPassword">forgot password page</a> to generate a new one.</span>
        }
        else {
        <span>Could not reset password. Please correct the errors and try again.</span>
        }
    </div>
}

@if (isSuccess){
    <div class="message success icon">
        Password changed! Click <a href="@Href("~/Account/Login")">here</a> to log in.
    </div>
}

<fieldset class="prettyForm">
    <legend>Password Change Form</legend>
    @if (!Mail.SmtpServer.IsEmpty()) {

    <p>
        Please type in your new password below and click the <em>Reset Password</em> button to change your password.
    </p>
    <form method="post" action="">
        <div>
            <label for="newPassword">New Password:</label> 
            <input type="password" name="newPassword" @disabledAttribute/>
            @if (!newPasswordError.IsEmpty()) {
                <span class="message error">&raquo; @newPasswordError</span>
            }
        </div>
        <div>
            <label for="confirmPassword">Confirm Password:</label> 
            <input type="password" name="confirmPassword" @disabledAttribute/>
            @if (!confirmPasswordError.IsEmpty()) {
                <span class="message error">&raquo; @confirmPasswordError</span>
            }
        </div>
        <div>
            <label for="resetToken">Password Reset Token:</label> 
            <input type="text" name="resetToken" value="@passwordResetToken" @disabledAttribute/>
            @if (!passwordResetTokenError.IsEmpty()) {
                <span class="message error">&raquo; @passwordResetTokenError</span>
            }
        </div>
        <div>
            <input type="submit" value="Reset Password" @disabledAttribute/>
        </div>
    </form>
    }
    else {
        <div class=" message error icon">
            Password recovery is disabled for this website because the Smtp server is 
            not configured correctly. Please contact the owner of this site to reset 
            your password.
        </div>
    }
</fieldset>